Background
I'm learning to deploy Django application with Nginx on top of Ubuntu. As far as I know /var/www/<project_root> is one common place to place the Django project.
Problem
I'm not sure if /var/www is considered to be the good and safe practice for the project or is there some other options that are considered more appropriate. Also I'm not totally sure who should be the owner of the project dir and which permissions should it have.
Guestions
Where should I place the Django project in Ubuntu filesystem?
Which user should own the project directory?
What permissions should the project directory and files
I know there is no definitive answer for these guestions, but I'm pretty sure there are some common good practices that are widely considered to be safe.
Actually, /var/www is a bad place for your Django code. It's the default DocumentRoot for Apache, so is the place were it looks to serve files to users; but Django code is not files that should be served, it's code that should be run. Putting the code there allows the possibility that a misconfiguration permits your code to be served directly to users, which is a big security risk.
Apart from that, it doesn't really matter where the code goes. Personally I like /srv.
Related
This link:
https://docs.djangoproject.com/en/1.8/howto/static-files/ starts off by explaining a "grossly inefficient and probably insecure, unsuitable for production" way of serving files. It also explains how to use
django.contrib.staticfiles.views.serve()
which is "not suitable for production use!". I don't want to have to code an entire Django project, finish it and then end up having to change a lot of code right before deploying because the current code is "grossly inefficient and probably insecure, unsuitable for production".
With that said, what's the best approach (the approach which doesn't require a lot of extra work just to move my app from development to production) to take when serving static files? I'm asking because I've never been through the process of deploying a Django app before and when deploying, I don't want to end up saying to myself "wow, I should have done it that way rather than this way".
You don't change any code, because it's not your code that serves static files. You need to configure your web server to do it; which is fine, because you're configuring your web server anyway for deployment.
The whole point of the staticfiles app in Django is just that, that it manages files for you in development and puts them in a single place for deployment so you can point your web server at them.
For some reason i can't figure out, other than the 'stupid' errors that keep creeping up when I try to access media files (files uploaded by the user) in my Django app, why I just can't server media files!
In this particular case, all I want for example is to be able to serve up images to the front that have been uploaded. My up correctly serves static files via /static/, but when I try to serve my /site_media/ files hell breaks loose! What could I be doing wrong?
So, after realizing that Django wasn't essentially crafted to actually handle media files, I decided to resort to using Apache via the recommended mod_python option like it is recommended to do in production. But I've never done this before, and am wondering whether this is worth the trouble on the development server.
Well, I know eventually I have to go down this path when I go production, and so will still have to learn how to do this, but what are the pros and cons for this route on the development server?
First, mod_python is not recommended. In fact, it's specifically recommended against. Use mod_wsgi instead.
Secondly, we have no possible way of telling what you're doing wrong when serving static media via the dev server, because you have provided no code or details of your setup.
Finally, there is no reason why you can't use Apache - or even better, a lightweight server such as nginx - and point it at your static directory only. Then, set STATIC_URL in your settings.py to the address served by that server. It makes no difference what port it is on while you're in development.
It is surely a pro since the django serves the requests faster without having to deal with the media.
A con is that, if and when you edit the media, you need to also restart the apache, for the media to refresh.
update based on your comment:
You can of-course easily do it. One simple way I practice this is, by using the nginx and symlinking the media folder into nginx sites-enabled and run nginx on port 80 (or any other).
You can set the MEDIA_URL in your settings, where you point it to the url with the appropriate port.
I am completely new to this Django world. I haven't tried it ever before.
Now the problem is as below;
One of my clients was hosting his site somewhere else that I don't know and they built the site using Django. The host company doesn't allow to make any changes on their server, instead they provided the zip file for all the files in the site to me; so that now I can host my client's site.
As I don't know anything about Django, can someone please shed a light where I should start from?
Thanks in advance.
Cheers.
Sach
First of all, install Django on the development machine. Start by trying to get the development server run on your machine.
Gather requirements: check the settings.py for installed apps against the default Django settings.py file. See if there are any popular django apps that site depends on. If there are any, then you probably will have to install them, too.
In which format was the database provided? Will you move to another more appropriate format? Python bindings for databases are required too.
Considering the fact that you have inherited this project and probably will need to make some changes, consider installing django-south, so you can easily make changes to the database schema.
If you get the site running properly on your own machine, consider deplyoment. Is there a lot of static content? (if so, consider nginx). Set up apache2 and install the mod_wsgi module. Deploy.
Work your way through the Django tutorial first. Then look into Django Book as has been mentioned. Django IRC channel (#django) on Freenode is also great for help.
Your best bet would be to learn about Django before trying to jump in head first - https://www.djangoproject.com/ contains documentation as well as tutorials on creating Django apps.
Django is fairly easy to setup if you already have the code written. You'll need to install the chosen database and then simply follow the tutorial on the Django website
Django comes with a built-in server so it's very easy to run the website for development without needing Apache, nginx or much else.
I learned using the Django Book. Django is an easy-to-use framework, you should be fine.
Also, in the short-term there's a file called views.py and separate folder containing templates. If you're familiar with MVC (MVT in Django) this contains the views for the site in function form. There's probably (but not always) a folder for templates which contains a lot of the HTML for the site. Just a good starting pointing for basic modifications.
You can perhaps start here. https://docs.djangoproject.com/en/dev/howto/deployment/
First, find out the django version required by your client. Install that on a server (not a production one), setup apache and mod_wsgi. The zip files may go to a dir which can be included in the mod_wsgi configuration.
Find about the static files and setup apache or any other lightweight webserver to server it.
You may not be a developer, but have a try with the django book. It can give you a good idea how its structured.
I was presenting a Django demonstration to my brother and he asked me the following question(s): "Why Django static and media folders aren't pre-configured? It's purpose aren't to be a convention over configuration framework? Why I am supposed to configure these things every time I start a Django project?"
I couldn't answer to him. Does anyone can?
P.S: I don't mean to compare Django with other frameworks. I'm just trying to understand why these design decisions were made;
Django is very definitely not a convention over configuration framework. Your brother is perhaps thinking of Rails, which does follow that principle - but Django follows the Python principle of "explicit is better than implicit".
Because django shouldn't distribute media files anyway. When you read the documentation you can see that the static files should (and must) be distributed by your server engine and/or by some kind of CDN when you are in production. Django, is just here to process your pages but not your media. And when you are in development, indeed, you have to use django to distribute static files. But you can use a python script to generate it, and manage it. For me, one of the best is: Django mediagenerator. This will let your files like they are in dev mode, but this will optimize it in production.
Aside from not deploying a Django project to the web site root directory, is there any specific benefit to running Django projects from one location, e.g. /var/django-projects/**xxxxx-project/ vs. (in a shared hosting environment) running each Django project in a domain folder, e.g. **/vhost/mydomain.com/xxxxx-project?
Doesn't matter -- choose an organization that fits your needs.
I roughly followed this guide when creating a server to handle several Django sites, and I like the folder organization it uses. A couple of benefits:
All Django sites are in a special django user's home directory
There is a domains folder, then a folder for every site that contains the django projects, logs, wsgi files, and other files
VirtualHost containers are each in the own file, keeing httpd.conf manageable.
Realistically it shouldn't matter where you put them so long as you're consistent.
I think the biggest argument one way or another would boil down to file system permissions and where related files will be. If you are allowing development from different users on the projects but want to limit their scope, this is where the split will make more sense.
No except to extent that you mention, ie., that it shouldn't be under DocumentRoot for any site.
You should also ensure that the WSGI script file is not in the same directory as the Django settings file as doing so would generally see you saying to Apache that that directory can be served up by Apache. This may not happen as there will be no Alias directive mapping a URL to that directory, but you have still removed one layer of protection from Apache security.
So, follow the guidelines in:
http://code.google.com/p/modwsgi/wiki/IntegrationWithDjango
and have the WSGI script file in a directory of its own which has no source code at all under it, or have the WSGI script file in a completely different directory outside of Django project, which again contains only script files of other files that Apache would technically be allowed to serve up.
Basic rule is don't stick source code (except for WSGI script file) in any directory for which:
Allow from all
has been defined by way of Apache configuration.
Of course, above partly assumes you are using mod_wsgi. :-)